Krebs on Security

In-depth security news and investigation

Posts Tagged: Fred’s Inc.

Fred’s Inc., a discount general merchandise and pharmacy chain that operates 650 stores in more than a dozen states, disclosed today that it is investigating a potential credit card breach.

KrebsOnSecurity contacted Fred’s earlier this week, after hearing from multiple financial institutions about a pattern of fraud on customer cards indicating that Fred’s was the latest victim of card-stealing malware secretly installed on point-of-sale systems at checkout lanes.

Sources said it was unclear how many Fred’s locations were affected, but that the pattern of fraudulent charges traced back to Fred’s stores across the company’s footprint in the midwest and south, including Alabama, Arkansas, Georgia, Indiana, Kentucky, Louisiana, Mississippi, Tennessee and Texas.

Reached for comment about the allegations, the company issued the following response today:

Fred’s Inc. recently became aware of a potential data security incident and immediately launched an internal investigation to determine the scope of the issue. We retained Mandiant, a leading independent forensics firm, to examine our data security systems.

We want to assure our customers that protecting their information is one of our top priorities and we are taking this potential incident very seriously. Until this investigation is completed, it will be difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers.

I am hearing about so many different retail breaches at retail and restaurant chains right now that I could do nothing but write about them full time and still fall behind.

A quick note about this blog: I’ve been on vacation for the past two weeks in Australia and New Zealand, which is why posting has been sporadic at best of late. Also, a glitch in our email server prevented many readers from receiving notifications of new updates over the last few weeks. Fixing the glitch caused subscribers to receive 10 days’ worth of email notifications all at once. Sorry for the inconvenience.